Hello! First of all, thanks again to everybody who helped, both on and off-list!
Right now, the original SSL problems all seem to be gone, and after turning off IPv6 even Gmail started to accept my email. Now I can connect with mutt from home, access mailboxes over IMAPS, and send email using SSL/TLS to any domain I have been able to try. To get there I had, as I said, to turn off IPv6, as shown in the postconf -n output below. Honestly, I have no idea whether, and what exactly, I am missing by not using IPv6; thanks in advance to whoever steps in to explain. In any case, I can say that the configuration below seems to be a decent solution so far for running Postfix 2.10 on CentOS, for a small number of users and domains, and without running any RDBMS. The next step is to figure out which of RainLoop and Roundcube is the better/easier/safer webmail to set up. General comments and/or tips on how to harden this, with stronger ciphers or other stuff, are very welcome. Ditto for pointers to online services to test whether everything is OK wrt DKIM, SPF, DNS, blacklists, greylisting... (I DO know some of them, but I am not sure they are the most efficient). If anybody feels like receiving one email from that server, just to confirm to me that everything is fine, please let me know. Thanks, and off to dinner and bed now...
Marco

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix-2.4.3-documentation/html
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost
mydomain = $myhostname
myhostname = a.mx.example.com
mynetworks = 127.0.0.0/8, myhomeipaddress
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
procmail_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.3-documentation/readme
relay_domains =
sample_directory = /etc/postfix
sender_dependent_relayhost_maps = hash:/etc/postfix/mymaps/relayhost_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_address_preference = ipv4
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/mymaps/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_sender_dependent_authentication = yes
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/client_checks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_helo_access hash:/etc/postfix/reject_own_helo, check_policy_service unix:postgrey/socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/archive/example.com/fullchain1.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/letsencrypt/archive/example.com/privkey1.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/mymaps/valias.map
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/mymail_storage
virtual_mailbox_domains = /etc/postfix/mymaps/vhosts.map
virtual_mailbox_maps = hash:/etc/postfix/mymaps/vmailboxes.map
virtual_transport = procmail
virtual_uid_maps = static:1001

################################################################

postconf -Mf:

smtp inet n - n - - smtpd
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
procmail unix - n n - - pipe flags=D user=myvmail_user argv=/usr/bin/procmail -t -m USER=${recipient} EXTENSION=${extension} /usr/local/etc/procmailrc.common